GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → WyAtu → Perun

WyAtu / Perun

Licence: gpl-3.0
Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

Programming Languages

python
139335 projects - #7 most used programming language

Labels

securitypentestingscannerpentest-toolredteamvulnerability-scanners

Projects that are alternatives of or similar to Perun

Winpwn
Automation for internal Windows Penetrationtest / AD-Security
Stars: ✭ 1,303 (+68.56%)
Mutual labels:  pentesting, pentest-tool, redteam
Raccoon
A high performance offensive security tool for reconnaissance and vulnerability scanning
Stars: ✭ 2,312 (+199.09%)
Mutual labels:  pentesting, scanner, pentest-tool
Vailyn
A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
Stars: ✭ 103 (-86.68%)
Mutual labels:  pentesting, pentest-tool, vulnerability-scanners
Stowaway
👻Stowaway -- Multi-hop Proxy Tool for pentesters
Stars: ✭ 500 (-35.32%)
Mutual labels:  pentesting, pentest-tool, redteam
Vajra
Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.
Stars: ✭ 269 (-65.2%)
Mutual labels:  pentesting, scanner, pentest-tool
Venom
Venom - A Multi-hop Proxy for Penetration Testers
Stars: ✭ 1,228 (+58.86%)
Mutual labels:  pentesting, pentest-tool, redteam
Oscp Pentest Methodologies
备考 OSCP 的各种干货资料/渗透测试干货资料
Stars: ✭ 166 (-78.53%)
Mutual labels:  pentesting, pentest-tool, redteam
Nimscan
🚀 Fast Port Scanner 🚀
Stars: ✭ 134 (-82.66%)
Mutual labels:  pentesting, scanner, redteam
Hackerenv
Stars: ✭ 309 (-60.03%)
Mutual labels:  pentesting, pentest-tool, vulnerability-scanners
Xunfeng
巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统。
Stars: ✭ 3,131 (+305.05%)
Mutual labels:  pentesting, scanner, vulnerability-scanners
Ldap search
Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.
Stars: ✭ 78 (-89.91%)
Mutual labels:  pentesting, pentest-tool, redteam
Securitymanageframwork
Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.
Stars: ✭ 378 (-51.1%)
Mutual labels:  pentesting, scanner, vulnerability-scanners
Vulmap
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能
Stars: ✭ 1,079 (+39.59%)
Mutual labels:  pentesting, scanner, pentest-tool
Lockdoor Framework
🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
Stars: ✭ 677 (-12.42%)
Mutual labels:  pentesting, pentest-tool, redteam
V3n0m Scanner
Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Stars: ✭ 847 (+9.57%)
Mutual labels:  pentesting, scanner, vulnerability-scanners
Cloudbrute
Awesome cloud enumerator
Stars: ✭ 268 (-65.33%)
Mutual labels:  pentesting, pentest-tool, redteam
Impost3r
👻Impost3r -- A linux password thief
Stars: ✭ 355 (-54.08%)
Mutual labels:  pentesting, pentest-tool, redteam
Dirsearch
Web path scanner
Stars: ✭ 7,246 (+837.39%)
Mutual labels:  pentesting, scanner, pentest-tool
Satansword
红队综合渗透框架
Stars: ✭ 482 (-37.65%)
Mutual labels:  pentest-tool, vulnerability-scanners
Mxtract
mXtract - Memory Extractor & Analyzer
Stars: ✭ 499 (-35.45%)
Mutual labels:  pentesting, redteam
View All Similar Projects ➔

Perun

Python 2.7 License Vulns

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架,它主要适用于内网环境,加载漏洞检测Vuln模块后能够快速发现安全问题,并根据需要生成报表,以方便安全人员对授权项目完成测试工作。

Perun由Python2.7和Python标准库开发,所有功能(端口扫描,漏洞检测,控制台输出,生成Html报告)兼容Windows系统和*nix系统,Html报告采用Vue+Element,支持对扫描结果的排序、搜索、分页

在内网环境中只需上传Perun的启动器文件(未安装Python的主机环境下可以使用Pyinstaller打包生成的单个控制台exe二进制启动器文件,大小在3-5M),其余文件可以部署在云端,也可以部署在目标内网中,既可用作普通的端口扫描器,又可用作漏洞扫描器,方便安全人员在内网环境中进行工作。

快照预览

  • 控制台快照

    all_list

    test

  • 报告快照

    report_snapshot1

    report_snapshot1

    report_snapshot1

工作流程

  • 加载-l参数指定路径下的项目代码

  • 解析-t参数指定的目标

  • 进行ping扫描活跃主机(使用--skip-ping参数将跳过ping扫描阶段)

  • 根据默认扫描端口或-p参数对指定端口进行端口扫描,默认扫描178个端口,详见Perun/conf/globallistconf.py

  • 解析--vuln和--search(包括--filter和--exclude)参数指定的漏洞检测Vuln模块

  • 根据各Vuln模块默认扫描端口或--set-port指定各Vuln模块扫描端口,匹配目标主机开放端口,生成待扫描目标列表

  • 加载各漏洞扫描Vuln模块Payload,进行漏洞扫描

  • 生成报告(使用--skip-report参数将跳过生成报告)

启动和加载

Perun由Perun.py(或是由Perun.py打包生成的二进制文件)启动,有两种方式加载,远程加载和本地加载,通过-l/--load-file-path参数指定本地文件路径或者远程地址url后,Perun.py将会加载其他代码和漏洞检测Vuln模块并执行。

这样可以在保证项目开发目录结构清晰的同时,只需要一个启动器文件在内网环境中即可工作,其余文件可部署在公网云端或内网环境本地,单个启动器文件方便打包成更小的exe二进制文件,且更新插件不需要重新打包(如导入新的Python库则需要重新打包),一劳永逸。

使用参数

使用参数

使用举例

使用举例

支持的Vuln模块

Perun目前支持57个Vuln模块

支持的Vuln模块

自定义Vuln模块

编写新的自定义Vuln模块

欢迎编写并提交更多自定义Vuln模块,直接pr或者发到邮箱wyatu[@]foxmail.com

如何打包

打包Perun二进制文件

更新日志

CHANGELOG.md

致谢

  • liyuan大哥的报告前端代码支持

  • xunfengScanver等开源项目和其他开源脚本/项目,很多Vuln模块参考或取自这些优秀的开源项目

在此表示感谢。

  • Ntears编写的Weblogic wls9-async RCE CNVD-C-2019-48814 Vuln模块

说明

Bug/更多自定义Vuln模块提交/意见建议,请直接pr或者发到邮箱wyatu[@]foxmail.com

本项目仅进行漏洞探测工作,无漏洞利用、攻击性行为,开发初衷仅为方便安全人员对授权项目完成测试工作和学习交流使用,请使用者遵守当地相关法律,勿用于非授权测试,如作他用所承受的法律责任一概与作者无关,下载使用即代表使用者同意上述观点

附《中华人民共和国网络安全法》。

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].